dqkkrt8860 2015-02-18 09:33
浏览 42
已采纳

PHP中的安全会话

Can one create a salt (random string), append it to a user id string, then md5 (or other encryption), save the same result as a cookie, and as a session variable, then include a php script on secure pages to make sure both cookie, and session variables match?

Would this be secure?

  • 写回答

1条回答 默认 最新

  • duancong2160 2015-02-18 09:43
    关注

    No more secure than letting PHP generate a session ID for you automatically, using the session_start() call.

    It's still vulnerable to someone stealing your cookie with the session ID.

    For better security, use HTTPS and mark the cookies as HTTP-only so javascript can't access them. You could also store the user's IP in a session variable and check that IP address matches the remote address of the user sending you back your cookie.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 MATLAB动图问题
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名